eb0094369f4ad2c243920643331f4e071288f2584a45369caeec67cdc91ccc7a

Analysis

max time kernel
127s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 04:56

Target

55fc6b76766067b7dea58927b860b5f1.dll
Size

29KB
MD5

55fc6b76766067b7dea58927b860b5f1
SHA1

f7f3c39987e530ec11368c5f60b0e61bcb464b56
SHA256

eb0094369f4ad2c243920643331f4e071288f2584a45369caeec67cdc91ccc7a
SHA512

baa5ad9fb5b62ba29dbc648d72ed2da134fafdaec80c2c9687e8893e4ff51b20566c0542e9b340d09e590dfb8bb3e43d6d203a58dcff0b1f32feea2d8b7ac794
SSDEEP

768:4NgHF88Q9RIdkLuNxiWU9vBTjZGU9EliXQa2CoIwYm4nf:xHG9RIdtAD9pRGU9EliAa27fYm4nf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5096	4908	WerFault.exe	62

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4908	4036	rundll32.exe	62
PID 4036 wrote to memory of 4908	4036	rundll32.exe	62
PID 4036 wrote to memory of 4908	4036	rundll32.exe	62

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fc6b76766067b7dea58927b860b5f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fc6b76766067b7dea58927b860b5f1.dll,#1
  2⤵
  PID:4908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 548
    3⤵
    - Program crash
    PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4908 -ip 4908
1⤵
PID:2872

memory/4908-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download